Siemens Sicam Gridedge vulnerabilities
5 known vulnerabilities affecting siemens/sicam_gridedge.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 4
Vulnerabilities
CVE-2022-30230 | P2 | CRITICAL | CVSS 9.8 | CWE-306 | fixed in V2.6.6 | 2022-06-14
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions.
nvd
CVE-2022-30228 | P4 | MEDIUM | CVSS 6.5 | CWE-346 | fixed in V2.6.6 | 2022-06-14
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. In case an attacker tricks a legitimate user into accessing a special resource a malicious request could be executed.
nvd
CVE-2022-30229 | P4 | MEDIUM | CVSS 5.3 | CWE-306 | fixed in V2.6.6 | 2022-06-14
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known.
nvd
CVE-2022-34464 | P4 | MEDIUM | CVSS 5.5 | CWE-552 | fixed in V2.7.3 | 2022-07-12
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.7.3). The affected application uses an improperly protected file to import SSH keys. This could allow attackers with access to the filesystem of the host on which SICAM GridEdge runs to inject a custom SSH key to that file.
nvd
CVE-2022-30231 | P4 | MEDIUM | CVSS 4.3 | CWE-402 | fixed in V2.6.6 | 2022-06-14
A vulnerability has been identified in SICAM GridEdge (Classic) (All versions < V2.6.6). The affected application discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash.
nvd